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This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims: 

1 . (Currently amended) A computing device having instantiated thereon a protected 
media path for delivering encrypted content from at locust one a source to at least on e a sink, 
the protected media path comprising: 

a media base providing a protected environment in the computing device and 
including a common infrastructure of core components effectuating processing of the content 
from any particular the source and delivering the processed content to any particular the sink, 
and also including a policy engine enforcing policy on behalf of eaeh the source, the policy 
corresponding to the content from the source and including rules and requirements for 
accessing and rendering the content, whereby the media base allows content to flow through 
the computing device in a protected fashion, and allows for arbitrary processing of the 
protected content in the computing device; 

a source trust authority (SOTA) in the computing device and associated with and 
corresponding to eaeh the source of the content, eaeh the SOTA acting as a secure lockbox 
connecting the source to the media base and representing the source in the protected media 
path, decrypting the content from the source, aad translating policy associated with the 
content from a native format of the source into a format amenable to the policy engine,. 
propagating the translated policy to the policy engine, and releasing th e decrypted content to 
the media base ; and 

a sink trust authority (SIT A) in the computing device and associated with and 
corresponding to eaeh the sink of content, eaeh the SITA acting as a secure lockbox 
connecting the sink to the media base and representing the sink in the protected media path, 
re-encrypting the decrypted content to bo dolivorod to the sink released by the SOTA, a&d 
receiving the translated policy from the policy engine, and re-t ranslating the translated policy 
asoociatod with tho content from the format of the policy engine into a format amenable to the 
sink, whereby the re-encrypted content and the retranslated policy are delivered to the sink, 
and whereby the sink receives the re-encrypted content and corroGponding the re-translated 
policy, decrypts the received content, and renders same based on the received policy. 
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2. (Original) The computing device of claim 1 wherein the media base of the 
instantiated protected media path further includes at least one supplemental component 
providing additional protected functionality to the computing device. 

3. (Currently amended) The computing device of claim 1 further having instantiated 
thereon a media application selecting the content to be delivered, selecting eaeh the source 
for providing the content by way of the protected media path, if necessary selecting eaeh the 
sink to receive the provided content by way of the protected media path, actuating the media 
base to arrange the protected media path according to eaeh the selected source and eaeh the 
selected sink. 

4. (Currently amended) The computing device of claim 3 wherein the media application 
provides delivery commands to the media base to control delivery of the content from eaeb 
the selected source to e ach the selected sink. 

5. (Original) The computing device of claim 3 wherein the media base prevents the 
media application from having access to the content delivered within the protected media 
path. 

6. (Original) The computing device of claim 3 wherein the media base prevents the 
media application from taking any action with respect to the content contrary to the policy 
corresponding to the content. 

7. (Currently amended) The computing device of claim 1 wherein eaeh the SOTA of the 
instantiated protected media path allows content thereof to be delivered through the protected 
media path only if the SOTA is satisfied that the media base, the policy engine thereof, each 
employed component thereof, and eaeh the SITA of the protected media path is trustworthy 
and has rights to be in contact with the content based on the policy corresponding thereto. 

8. (Original) The computing device of claim 7 wherein any element can be shown to be 
trustworthy based on a proffer of an acceptable token that vouches for the element. 
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9. (Original) The computing device of claim 8 wherein any element can be shown to be 
trustworthy based on a proffer of a verifiable digital certificate from an acceptable vouching 
authority. 

10. (Original) The computing device of claim 8 wherein a trustworthy element is trusted 
to decide whether same can be in contact with the content based on the policy corresponding 
thereto and based on whether same can honor the policy corresponding to the content. 

1 1 . (Original) The computing device of claim 8 wherein a trustworthy element is trusted 
to respond truthfully to a rights-based query from another element. 

12. (Currently amended) A method of delivering encrypted content from a source to a 
sink by way of a computing device, the method comprising: 

an application on the computing device calling to a media base on the computing 
device with a definition of the content, the source, and the sink; 

the media base including a policy engine that enforces policy on behalf of the source, 
the policy corresponding to the content from the source and including rules and requirements 
for accessing and rendering the content, and establishing a protected media path based on the 
defined content, source, and sink to effectuate such delivery, the established protected media 
path including: 

the media base; 

a source trust authority (SOT A) on the computing device and associated with and 
corresponding to the source, the SOTA acting as a secure lockbox connecting the source to 
the media base and representing the source in the protected media path, decrypting the 
content from the source, and translating policy associated with the content from a native 
format of the source into a format amenable to the policy engine, propagating the translated 
policy to the policy engine and releasing the decrypted content to the media base; and 

a sink trust authority (SIT A) on the computing device and associated with and 
corresponding to the sink, the SITA acting as a secure lockbox connecting the sink to the 
media base and representing the sink in the protected media path, ^encrypting the decrypted 
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content to bu dolivorod to fee nnk released bv the SOTA , receiving the translated policy from 
the nolicv engine, and retranslating the translated policy associated with the cont e nt from the 
format of the policy engine into a format amenable to the sink, whereby the re-encrypted 
content and the re-translated policy are deliver ed to the sink, and whereby the sink receives 
the re-encrypted content and corresponding the re-translated policy, decrypts the received 
content, and renders same based on the received policy; 

the SOTA on behalf of the source establishing trust with respect to the protected 

media path; 

the SOTA upon trust being established with respect to the protected media path 
propagating the translated policy corresponding to the content to be delivered to the protected 
media path; 

the SOTA determining a particular type of action to be taken with the content as 
delivered through the protected media path; 

the SOTA deciding whether the particular type of action can be taken with the content 
as delivered through the protected media path and informing the media base regarding same; 

the media base informing the application whether the particular type of action can be 
taken, and if so the application proceeding by commanding the media base to perform such 
type of action. 

1 3 . (Original) The method of claim 1 2 wherein the media base establishing the protected 
media path comprises the media base selecting core components thereof that are to handle 
and operate on the content while being delivered through the protected media path, the core 
components providing core functionality to the media base. 

14. (Original) The method of claim 1 3 wherein the media base establishing the protected 
media path further comprises the media base selecting supplemental components thereof that 
are to handle and operate on the content while being delivered through the protected media 
path, the supplemental components providing supplemental functionality to the media base. 



1 5 . (Currently amended) The method of claim 1 2 wherein the SOTA establishing trust 

with respect to the protected media path comprises: 
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the SOTA establishing trust with [[a]] the policy engine of the media base; 
the trusted policy engine establishing trust with every other element of the protected 
media path including the SITA. 

16. (Original) The method of claim 15 wherein establishing trust with any element 
comprises receiving a proffer of an acceptable token that vouches for the element. 

17. (Original) The method of claim 16 wherein establishing trust with any element 
comprises receiving a proffer of a verifiable digital certificate from an acceptable vouching 
authority. 

18. (Currently amended) The method of claim 12 wherein the SOTA propagating the 
translated policy corresponding to the content to be delivered to the protected media path 
comprises: 

the SOTA propagating the translated policy to [[a]] the policy engine of the media 



the policy engine.,, as necessary^ determining that each element of the protected media 
path including the SITA satisfies the policy. 

19. (Currently amended) The method of claim 18 wherein if the policy engine determines 
that a particular element of the protected media path does not satisfies the policy, the policy 
engine performs an action selected from a group consisting of refusing such element access to 
the content and preventing the content from being delivered through the protected media 
path. 

20. (Currently amended) The method of claim 12 wherein the SOTA propagating the 
translated policy corresponding to the content to be delivered to the protected media path 
comprises: 

the SOTA propagating the translated policy to [[a]] the policy engine of the media 

base; 



base; and 
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the policy engine propagating the translated policy to the SITA in the protected media 
path; and 

the SITA as a trusted element of the protected media path abiding by such policy. 

2 1 . (Original) The method of claim 1 2 comprising the SOT A determining from the SITA 
the particular type of action to be taken with the content as delivered through the protected 
media path. 

22. (Original) The method of claim 12 comprising the SOTA deciding whether the 
particular type of action can be taken with the content based on the policy corresponding 
thereto. 

23. (Currently amended) The method of claim 12 further comprising: 

the SOTA obtaining the encrypted content from the source in an encrypted form, 
doorypting tho encrypted content, and delive r ing tho decrypted content to the media base ; 

the media base processing the decrypted content as necessary and delivering the 
processed decrypted content to the SITA; and 

the SITA encrypting the processed decrypted content and delivering the encrypted 

processed content to the sink. 
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